Chapter 14: Athena Flashcards
How to use MFA-delete?
Must enable versioning on s3 bucket beforehand
when is MFA delete required?
- permanently delete an obj version
- suspend versioning on the bucket
who can enable/disable MFA-delete?
bucket owner
How to enforce encryption on s3 bucket
- use default encryption option for s3 bucket
- use a bucket policy and refuse any API call to put an s3 object without encryption headers
rules for setting logging bucket
do not set your logging bucket to be the monitored bucket. it will create a logging loop, and your bucket will grow in size
Types of S3 replication
- cross region replication (CRR)
- same region replication (SRR)
What must be set prior to s3 replication
- must enable versioning in source and destination
- must give proper IAM permissions to s3
CRR use case
compliance, lower latency access, replication across accounts
SRR use case
logs, aggregation, live replication between production and test accounts
Which objects are replicated after s3 replication is enabled
only new objects are replicated
What happens when a user is given a pre-signed url?
user inherits the permissions of the person who generated the url for get/put
what are the s3 storage classes
- standard - general purpose
- standard - IA
- one zone infrequent access
- intelligent tiering
- glacier
- glacier deep archive
Describe the standard/general purpose s3 storage class
- high durability of objects across multiple az
- sustain 2 concurrent facility failures
- use case: big data analytics, mobile and gaming apps, content distribution
describe the standard IA s3 storage class
- for when data is less accessed but rapid access is required
- high durability across multiple az
- low cost compared to s3 standard
- sustain 2 concurrent facility failures
- use cases: as a data store for disaster recovery back-ups
describe one-zone IA s3 storage class
- same as IA but one zone
- low latency and high throughput performance
- support SSL for data in transit + encryption at rest
- lower cost than IA
- use case: secondary backup, or data you can recreate
describe s3 intelligent tiering s3 storage class
- same low latency + high throughput performance of s3 standard
- small monthly monitoring fee
- automatically moves obj b/w tiers
- multiple az
- resilient against events that impact an az
describe glacier s3 storage class
- low cost obj storage meant for archiving/backup
- data is retained for the longer term
- alternative to on-premise magnetic tape storage
- cost per month + retrieval cost
- each item in glacier is called “archive”
- archive are stored in vaults
What are the retrieval options for Amazon Glacier
- expedited
- standard (3 to 5 hours)
- bulk (5 to 12 hours)
** min storage of 90 days
What are the retrieval options for Amazon Deep Glacier
- Standard (12 hours)
- Bulk (48 hours)
** min storage duration of 180 days
How can S3 be moved between storage classes
- moving obj can be automated using a lifecycle config
What are the s3 lifecycle rules
- transition action: it defines when objects move to another storage class
- expiration actions: when objects should be deleted
- rules can be created for a prefix or obj tags
s3 select and glacier select
- retrieve less data using sql by performing server side filtering
- can filter by rows and columns
- less network transfer, less cpu cost client-side
what is s3 requester pay
the requester instead of the s3 bucket owner pays the cost of the request and the data download from the bucket
what is amazon athena
a serverless query service to perform analytics against s3 objects
s3 object lock
- worm model
- block obj version deletion for an amt of time
- obj retention : retention period; legal hold
- mode: governance and compliance